android中进行https连接的方式(源码)

于 2012-09-03 17:13:00 发布
阅读量108 收藏
点赞数
文章标签: 移动开发 java
本文提供了一段Java代码示例,展示了如何在Android应用中跳过服务器证书验证,并导入自定义证书以防止钓鱼攻击。包括代码实现、导入公钥流程以及关于证书类型的问题解答。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

如果不需要验证服务器端证书,直接照这里做

[java] view plain copy print ?
  1. publicclassDemoextendsActivity{
  2. /**Calledwhentheactivityisfirstcreated.*/
  3. privateTextViewtext;
  4. @Override
  5. publicvoidonCreate(BundlesavedInstanceState){
  6. super.onCreate(savedInstanceState);
  7. setContentView(R.layout.main);
  8. text=(TextView)findViewById(R.id.text);
  9. GetHttps();
  10. }
  12. privatevoidGetHttps(){
  13. Stringhttps="https://800wen.com/";
  14. try{
  15. SSLContextsc=SSLContext.getInstance("TLS");
  16. sc.init(null,newTrustManager[]{newMyTrustManager()},newSecureRandom());
  17. HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  18. HttpsURLConnection.setDefaultHostnameVerifier(newMyHostnameVerifier());
  19. HttpsURLConnectionconn=(HttpsURLConnection)newURL(https).openConnection();
  20. conn.setDoOutput(true);
  21. conn.setDoInput(true);
  22. conn.connect();
  24. BufferedReaderbr=newBufferedReader(newInputStreamReader(conn.getInputStream()));
  25. StringBuffersb=newStringBuffer();
  26. Stringline;
  27. while((line=br.readLine())!=null)
  28. sb.append(line);
  30. text.setText(sb.toString());
  32. }catch(Exceptione){
  33. Log.e(this.getClass().getName(),e.getMessage());
  34. }
  36. }
  38. privateclassMyHostnameVerifierimplementsHostnameVerifier{
  40. @Override
  41. publicbooleanverify(Stringhostname,SSLSessionsession){
  42. //TODOAuto-generatedmethodstub
  43. returntrue;
  44. }
  45. }
  47. privateclassMyTrustManagerimplementsX509TrustManager{
  49. @Override
  50. publicvoidcheckClientTrusted(X509Certificate[]chain,StringauthType)
  51. throwsCertificateException{
  52. //TODOAuto-generatedmethodstub
  54. }
  56. @Override
  57. publicvoidcheckServerTrusted(X509Certificate[]chain,StringauthType)
  58. throwsCertificateException{
  59. //TODOAuto-generatedmethodstub
  61. }
  63. @Override
  64. publicX509Certificate[]getAcceptedIssuers(){
  65. //TODOAuto-generatedmethodstub
  66. returnnull;
  67. }
  68. }
  69. }
    public class Demo extends Activity {
        /** Called when the activity is first created. */
            private TextView text;
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.main);
            text = (TextView)findViewById(R.id.text);
            GetHttps();
        }
        
        private void GetHttps(){
                String https = " https://800wen.com/";
                try{
                        SSLContext sc = SSLContext.getInstance("TLS");
                        sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
                        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
                        HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
                        HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
                        conn.setDoOutput(true);
                        conn.setDoInput(true);
                        conn.connect();
                        
                         BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream())); 
                 StringBuffer sb = new StringBuffer(); 
                 String line; 
                 while ((line = br.readLine()) != null) 
                         sb.append(line); 
                        
                        text.setText(sb.toString());
                        
                }catch(Exception e){
                        Log.e(this.getClass().getName(), e.getMessage());
                }
                
        }
        
        private class MyHostnameVerifier implements HostnameVerifier{

                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                            // TODO Auto-generated method stub
                            return true;
                    }
        }
        
        private class MyTrustManager implements X509TrustManager{

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType)
                                    throws CertificateException {
                            // TODO Auto-generated method stub
                            
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType)
                                    throws CertificateException {
                            // TODO Auto-generated method stub
                            
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                            // TODO Auto-generated method stub
                            return null;
                    }        
        }  
    }

如果需要验证服务器端证书(这样能够防钓鱼),我是这样做的,还有些问题问大牛:
a. 导出公钥。在浏览器上用https访问tomcat,查看其证书,并另存为一个文件(存成了X.509格式:xxxx.cer)
b. 导入公钥。把xxxx.cer放在Android的assets文件夹中,以方便在运行时通过代码读取此证书,留了两个问题给大牛:

[java] view plain copy print ?
  1. AssetManageram=context.getAssets();
  2. InputStreamins=am.open("robusoft.cer");
  3. try{
  4. //读取证书
  5. CertificateFactorycerFactory=CertificateFactory.getInstance("X.509");//问1
  6. Certificatecer=cerFactory.generateCertificate(ins);
  7. //创建一个证书库,并将证书导入证书库
  8. KeyStorekeyStore=KeyStore.getInstance("PKCS12","BC");//问2
  9. keyStore.load(null,null);
  10. keyStore.setCertificateEntry("trust",cer);
  11. returnkeyStore;
  12. }finally{
  13. ins.close();
  14. }
  15. //把咱的证书库作为信任证书库
  16. SSLSocketFactorysocketFactory=newSSLSocketFactory(keystore);
  17. Schemesch=newScheme("https",socketFactory,443);
  18. //完工
  19. HttpClientmHttpClient=newDefaultHttpClient();
  20. mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
    AssetManager am = context.getAssets();
    InputStream ins = am.open("robusoft.cer");
    try {
            //读取证书
            CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");  //问1
            Certificate cer = cerFactory.generateCertificate(ins);
            //创建一个证书库,并将证书导入证书库
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");   //问2
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trust", cer);
            return keyStore;
    } finally {
            ins.close();
    }
    //把咱的证书库作为信任证书库
    SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
    Scheme sch = new Scheme("https", socketFactory, 443);
    //完工
    HttpClient mHttpClient = new DefaultHttpClient();
    mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

问1:这里用"PKCS12"不行

答1:PKCS12和JKS是keystore的type,不是Certificate的type,所以X.509不能用PKCS12代替


问2:这里用"JKS"不行。

答2:android平台上支持的keystore type好像只有PKCS12,不支持JKS,所以不能用JKS代替在PKCS12,不过在windows平台上是可以代替的


iteye_19606
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值